View Issue Details

This bug affects 1 person(s).
ID: 14947
Project: Bug reports
Category: Security
View Status: public
Last Update: 2019-05-29 11:14
Reporter: tassoman
Assigned To: DenisChenu
Priority: none
Severity: minor
Status: closed
Resolution: duplicate
Product Version: 3.16.x
Fixed in Version: 3.17.x
Summary: 14947: Question upload plugin, XSS during title, comment form filling
Description

While people are answering a «Question Upload» question type, they might be able to fill in a «Title» and «Comment» for their files.
These fields aren’t filtered against Cross-Site Scripting (XSS), so the client is able to (self) execute malicious code.

Steps To Reproduce

Answer a survey having «Question upload» question type.
Browse a file to upload
Fill the title with: "<script>alert('aaa');</script> titolo"
Fill the comment with: "<script>alert('bbb');</script> commento"
Click upload button

Additional Information

As mitigation, filtering is done after the file gets submitted to the server, and survey managers can disable the title and comment fields.

Tags: No tags attached.
Bug heat: 250
Complete LimeSurvey version number (& build): 3.16.1+190314
I will donate to the project if issue is resolved: No
Browser: Firefox
Database type & version: MySql
Server OS (if known): Centos7
Webserver software & version (if known): Apache
PHP Version: 7.2
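
Added example, not part of the original report and not LimeSurvey's code: a client-side renderer for one row of an upload list, first concatenating the title and comment as typed, then encoding them before they reach the markup. The function names, the row layout and the sample file names are assumptions made for illustration; the title and comment strings are the ones from the steps to reproduce.

```javascript
// Added example: hypothetical renderers, not LimeSurvey's own code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that can open a tag or close a quoted attribute.
function escapeHtml(value) {
  return String(value ?? '').replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: title and comment are concatenated into markup as typed,
// so the browser parses any tags they contain.
function renderRowUnsafe(file) {
  return '<tr><td>' + file.name + '</td>' +
    '<td><input type="text" name="title" value="' + file.title + '"></td>' +
    '<td>' + file.comment + '</td></tr>';
}

// After: every user-supplied field is encoded for the HTML context it lands in
// (attribute value for the title, element text for name and comment).
function renderRowSafe(file) {
  return '<tr><td>' + escapeHtml(file.name) + '</td>' +
    '<td><input type="text" name="title" value="' + escapeHtml(file.title) + '"></td>' +
    '<td>' + escapeHtml(file.comment) + '</td></tr>';
}

// Regression check: true if any tag other than the renderer's own fixed
// markup (tr, td, input) appears in the generated row.
function hasUnexpectedTag(html) {
  const tags = html.match(/<\/?([a-z][a-z0-9]*)/gi) || [];
  return tags.some((t) => !['tr', 'td', 'input'].includes(t.replace(/[<\/]/g, '').toLowerCase()));
}

// Constructed samples: the first reuses the strings from the steps to reproduce,
// the second is benign text that still needs encoding inside an attribute.
const sample = {
  name: 'report.pdf',
  title: "<script>alert('aaa');</script> titolo",
  comment: "<script>alert('bbb');</script> commento",
};
const quoted = { name: 'notes.txt', title: 'My "final" draft', comment: 'Tom & Ann' };

console.log('unsafe row has unexpected tag:', hasUnexpectedTag(renderRowUnsafe(sample)));
console.log('safe row has unexpected tag:', hasUnexpectedTag(renderRowSafe(sample)));
console.log(renderRowSafe(quoted));
```

In browser code, assigning the values through `textContent` and the input's `value` property avoids HTML parsing of the user text altogether.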

Relationships

duplicate of 14737 (closed, DenisChenu): XSS with file upload

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2019-05-28 16:55 tassoman New Issue
2019-05-29 11:14 DenisChenu Relationship added duplicate of 14737
2019-05-29 11:14 DenisChenu Assigned To => DenisChenu
2019-05-29 11:14 DenisChenu Status new => closed
2019-05-29 11:14 DenisChenu Resolution open => duplicate
2019-05-29 11:14 DenisChenu Fixed in Version => 3.17.x